Week 37 In Review – 2014

ArchC0n ’14 Report – www.digitalbond.com
Dale Peterson spoke at the inaugural ArchC0n in St. Louis this Saturday. The main reason he chose to go to this IT security event was that they had Richard Bejtlich, Bruce Schneier and Charlie Miller as keynotes. Quite a haul for the first run. Here are some of the items that he wrote down.

Inside the Super Bowl of lying – dailydot.com
This is the 2014 Def Con hacker conference at the Rio Casino in Las Vegas. The people are in one of the tiniest rooms in the casino to see the Super Bowl of lying. Here is the wrap-up of the event by Patrick Howell O’Neill.

Troopers 14 presentations – troopers.de
Archived content and videos from a past Troopers conference are available here. You can watch the videos and download the papers.

Symantec Endpoint Protection 0day – offensive-security.com
Symantec will be publishing the code for this privilege escalation exploit in the next few days. In the meantime, you can check out their demo video of the exploitation process.

Tools

IVRE – github.com
IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) is a network recon framework, including two modules for passive recon (one p0f-based and one Bro-based) and one module for active recon (mostly Nmap-based, with a bit of ZMap).

Techniques

Colliding password protected MS office 97-2003 documents – hashcat.net
Atom recently worked on adding support to oclHashcat in order to crack the different versions of password-protected MS Office documents. While he was working on the 97-2003 version, he found a weakness in the scheme that he wants to share here.

15 Ways to Bypass the PowerShell Execution Policy – netspi.com
By default PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. This can be a hurdle for penetration testers, sysadmins, and developers, but it doesn’t have to be. In this blog Scott Sutherland covered 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.

Hacking iClass Elite with proxmark3 – martin.swende.se
iClass standard and Elite are on par with Mifare Classic on crack-status. It is interesting to note that any iClass Elite system is crackable by only a few seconds of proximity to a legitimate reader, while iClass standard is more difficult to crack.

Vendor/Software patches

Critical Fixes for Adobe, Microsoft Software – krebsonsecurity.com
Adobe today released updates to fix at least a dozen critical security problems in its Flash Player and AIR software. Separately, Microsoft pushed four update bundles to address at least 42 vulnerabilities in Windows, Internet Explorer, Lync and .NET Framework. If you use any of these, it’s time to update!

Home Depot Hit By Same Malware as Target – krebsonsecurity.com
The apparent credit and debit card breach uncovered last week at Home Depot was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December, according to sources close to the investigation.

Download at your own risk: Bitcoin miners bundled with game repacks – blogs.technet.com
Recently Donna Sibangan has seen an emerging trend among malware distributors – Bitcoin miners being integrated into installers of game repacks. This type of system hijacking is just one of the many ways to exploit a user by utilizing their system’s computing resources to earn more cash.

Other News

Cleaning up after password dumps – googleonlinesecurity.blogspot.com
One of the unfortunate realities of the Internet today is a phenomenon known in security circles as “credential dumps”—the posting of lists of usernames and passwords on the web. Google is always monitoring for these dumps so it can respond quickly to protect its users. This week, it identified several lists claiming to contain Google and other Internet providers’ credentials.

5 Million Gmail Passwords Leaked, Google Says No Evidence Of Compromise – tech.slashdot.org
After first appearing on multiple Russian cybercrime boards, a list of 5 million Google account usernames is circulating via file-sharing sites. Experts say the information most likely didn’t result from a hack of any given site, including Google, but was rather amassed over time, likely via a number of hacks of smaller sites, as well as via malware infections.
